Code injection in Nextcloud Desktop Client for macOS (NC-SA-2020-016)
A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment...
Security update for nextcloud (moderate)
openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2020:0229-1 Rating: moderate References: 1162766 1162775 1162776 1162781 1162782 1162784 Cross-References: CVE-2019-15613 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 Affected Products...
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2020:0220-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:0220-1 Security update for nextcloud
This update for nextcloud fixes the following issues: Nextcloud was updated to 15.0.14: - NC-SA-2020-002, CVE-2019-15613: workflow rules to depend their behaviour on the file extension when checking file mimetypes (boo#1162766) - NC-SA-2019-016, CVE-2019-15623: Exposure of Private Information caused...
Security update for nextcloud (moderate)
openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2020:0220-1 Rating: moderate References: 1162766 1162775 1162776 1162781 1162782 1162784 Cross-References: CVE-2019-15613 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 Affected Products...
Nextcloud: nextcloud-snap CircleCI project has vulnerable configuration which can lead to exposing secrets
Summary: CircleCI allows projects to configure whether builds will run as a result of a pull request from a fork, and also whether these fork PRs have access to the secrets stored in the parent repo's CircleCI settings. When both settings are enabled, and the repo associated with the project allo...
Nextcloud: Email Spoofing
An SPF/DMARC record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF/DMARC record is to prevent spammers from sending messages on the behalf of your organization. Remediation: Create a SPF...
Nextcloud server improper authorization vulnerability
Nextcloud is a client-server software suite for creating network hard disks. An improper authorization vulnerability exists in Nextcloud Server 17.0.0. An attacker can exploit the vulnerability to cause preview and file disclosure when opening a file to place a share link via the Gallery...
Nextcloud Android SQL Injection Vulnerability
Nextcloud is a suite of client-server software for creating network drives. Nextcloud Android is the Nextcloud Android client. A security vulnerability exists in Nextcloud Android. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications...
Nextcloud Server Cross-Site Scripting Vulnerability (CNVD-2020-05114)
Nextcloud is a client-server software suite for creating network hard disks. A reflected cross-site scripting vulnerability exists in svg generation in Nextcloud Server 16.0.1. No detailed vulnerability details are provided at this time...
Nextcloud Server Improper Privilege Retention Vulnerability
Nextcloud is a suite of client-server software for creating network hard disks. An improper privilege retention vulnerability exists in Nextcloud Server 14.0.3. An attacker could exploit the vulnerability to obtain event details when sharing non-public events...
Nextcloud server server-side request forgery vulnerability
Nextcloud is a client-server software suite for creating network hard disks. A server-side request forgery vulnerability exists in Nextcloud Server 16.0.1. An attacker could use this vulnerability to detect local and remote services when adding a new subscription in the Calendar application...
Nextcloud Server Improper Access Control Checking Vulnerability (CNVD-2020-05120)
Nextcloud is a client-server software suite for creating network hard disks. An improper share expiration date access control checking vulnerability exists in Nextcloud Server 14.0.3. A recipient could exploit the vulnerability to extend the expiration date of a share that it receives...
Secure view shares can be downloaded by manipulating the URL (NC-SA-2020-015)
A missing access control check in Nextcloud Server 18.0.0 causes hide-download shares to be downloadable when appending /download to the URL...
Nextcloud Server < 13.0.9, < 14.0.5, < 15.0.1 Improper Authentication Vulnerability (NC-SA-2019-001)
Nextcloud Server is prone to an improper authentication vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Nextcloud Server < 12.0.8, < 13.0.3 Improper Input Vulnerability (NC-SA-2018-003)
Nextcloud Server is prone to an improper input vulnerability.
Nextcloud Server < 15.0.9, < 16.0.2 SSRF Vulnerability (NC-SA-2019-014)
Nextcloud Server is prone to a server-side request forgery (SSRF) vulnerability in the New-Subscription feature of the calendar app.
Nextcloud Server < 12.0.13, < 13.0.8, < 14.0.4 Access Control Vulnerability (NC-SA-2019-002)
Nextcloud Server is prone to an improper access control vulnerability.
Nextcloud Server < 15.0.13, < 16.0.6, < 17.0.1 Information Disclosure Vulnerability (NC-SA-2019-012)
Nextcloud Server is prone to an information disclosure vulnerability where file-drop content is visible through the gallery app.
Nextcloud Server < 13.0.9, < 14.0.5 Share Access Vulnerability (NC-SA-2019-003)
Nextcloud Server is prone to a vulnerability where improper share updates could result in extended data access.